[SNMP4J] SNMP v3 - with same user name on different devices is not working
Senthil Murugan Ramalingam -X (seramali - UNISH CORPORATION at Cisco)
seramali at cisco.com
Mon Apr 20 18:26:53 CEST 2015
Hi Frank,
Yes , you are correct. Localization was the issue. Refered code given on
below link and now it¹s working fine.Thanks for your help.
https://server.oosnmp.net/confluence/pages/viewpage.action?pageId=1441800
One clarification, is there any performance issue on creating new USM on
each threads?
USM usm = new USM(securityProtocols, localEngineID, 0);
SecurityModels.getInstance().addSecurityModel(usm);
Thanks
-Senthil
On 4/18/15, 1:30 PM, "Frank Fock" <fock at agentpp.com> wrote:
>Hi Senthil,
>It seems that you do not correctly localize the user correctly. The
>SNMPv3 standard requires the localization. That's how the security works.
>Please make also sure that the username is not added non localized to the
>USM.
>Best regards
>Frank
>
>
>> Am 18.04.2015 um 22:03 schrieb Senthil Murugan Ramalingam -X (seramali
>>- UNISH CORPORATION at Cisco) <seramali at cisco.com>:
>>
>> Usually engined id will be supplied by user through our GUI. But for
>> testing this issue, taken engine id from following two devices
>>
>> ip :172.21.139.65
>> User name: sowra
>> Engine ID: 8000000903000019E765D390
>> storage-type: nonvolatile active
>> Authentication Protocol: SHA
>> Privacy Protocol: AES128
>>
>>
>> ip :172.21.139.105
>> User name: sowra
>>
>> Engine ID: 8000000903000026984FEE81
>> storage-type: nonvolatile active
>> Authentication Protocol: MD5
>> Privacy Protocol: AES128
>>
>> and adding user to USM using following method (run as threads),
>>
>> snmp.getUSM().addLocalizedUser(engineID.getBytes(), new
>> OctetString(securityName), authenticationProtocol,
>> SecurityProtocols.getInstance().passwordToKey(authenticationProtocol,
>> authenticationPwd, engineID.getBytes()),privacyProtocol,
>> SecurityProtocols.getInstance().passwordToKey(privacyProtocol,
>> authenticationProtocol, privacyPwd, engineID.getBytes()));
>>
>> But getting following exception
>>
>>
>> org.snmp4j.MessageException: Message processing model 3 returned error:
>> Unknown security name
>> at
>> org.snmp4j.MessageDispatcherImpl.sendPdu(MessageDispatcherImpl.java:501)
>> at org.snmp4j.Snmp.sendMessage(Snmp.java:1004)
>> at org.snmp4j.Snmp.send(Snmp.java:898)
>> at org.snmp4j.Snmp.send(Snmp.java:878)
>> at org.snmp4j.Snmp.send(Snmp.java:843)
>> at
>>
>>com.cisco.sc.alc.service.SNMPv3Collector.doGet1(SNMPv3Collector.java:256)
>> at com.cisco.sc.alc.service.TestThread.run(TestThread.java:36)
>>
>> If I use following method, always one device get successful, other all
>> devices getting time out.
>>
>> snmp.getUSM().addUser(new OctetString(securityName),new UsmUser(new
>>
>>OctetString(securityName),authenticationProtocol,authenticationPwd,privac
>>yP
>> rotocol,privacyPwd));
>>
>>
>>
>>
>>
>> Can you pls share workable code for the scenario devices having same
>> security name that will be executed on threads at a time. Also is it
>> mandatory to get engineid if user name is same for all devices? If so
>>why?
>>
>> Thanks
>> -Senthil
>>
>>
>>> On 4/18/15, 2:04 AM, "Frank Fock" <fock at agentpp.com> wrote:
>>>
>>> Hi Senthil,
>>>
>>> How do you get/determine the engine ID in your functions doGet1
>>>parameter
>>> list?
>>> It must be different for those two devices and it has to be their
>>> authoritative engine ID.
>>>
>>> Best regards,
>>> Frank
>>>
>>>
>>>
>>>> On 17 Apr 2015, at 23:24, Senthil Murugan Ramalingam -X (seramali -
>>>> UNISH CORPORATION at Cisco) <seramali at cisco.com> wrote:
>>>>
>>>> Hi Frank,
>>>>
>>>> I am trying to do SNMP v3 get request to 2 different devices with
>>>>same
>>>> user name , always 1 device get successful, other get time out. I
>>>> referred
>>>> earlier posts and tried all the solutions like localizing keys ,
>>>>nothing
>>>> works. Can you pls help me how to fix this.
>>>>
>>>> Here my USM portion of code
>>>>
>>>>
>>>> private static USM usm;
>>>>
>>>>
>>>>
>>>> static{
>>>> SecurityProtocols securityProtocols =
>>>>SecurityProtocols.getInstance();
>>>> securityProtocols.addPrivacyProtocol(new PrivAES128());
>>>> securityProtocols.addPrivacyProtocol(new
>>>> PrivAES192With3DESKeyExtension());
>>>> securityProtocols.addPrivacyProtocol(new
>>>> PrivAES256With3DESKeyExtension());
>>>> securityProtocols.addPrivacyProtocol(new PrivDES());
>>>> securityProtocols.addPrivacyProtocol(new Priv3DES());
>>>>
>>>> usm = new USM(securityProtocols, new
>>>> OctetString(MPv3.createLocalEngineID()), 0);
>>>> SecurityModels.getInstance().addSecurityModel(usm);
>>>>
>>>> }
>>>>
>>>>
>>>> public static String doGet1(String targetAddr,String securityName, OID
>>>> authenticationProtocol, String authenticationPassphrase,
>>>> OID privacyProtocol, String privacyPassphrase, String
>>>>engineID,
>>>> String
>>>> oid,Logger logger){
>>>>
>>>>
>>>> try{
>>>> usm.addUser(new OctetString(securityName),new UsmUser(new
>>>> OctetString(securityName),authenticationProtocol
>>>> ,authenticationPwd,privacyProtocol,privacyPwd));
>>>>
>>>> // usm.addLocalizedUser(engineid, new
>>>>OctetString(securityName),
>>>> authenticationProtocol,
>>>> SecurityProtocols.getInstance().passwordToKey(authenticationProtocol,
>>>> authenticationPwd, engineid),
>>>> // privacyProtocol,
>>>> SecurityProtocols.getInstance().passwordToKey(privacyProtocol,
>>>> authenticationProtocol, privacyPwd, engineid));
>>>>
>>>> // usm.addLocalizedUser(engineid, new
>>>>OctetString(securityName),
>>>> authenticationProtocol, authenticationPassphrase.getBytes(),
>>>> // privacyProtocol, privacyPassphrase.getBytes());
>>>>
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thanks
>>>> -Senthil
>>
More information about the SNMP4J
mailing list